Privacy Policy

We collect only the minimum information necessary to provide our services securely and legally:

• Account Data: First name, last name, email address, and encrypted password hash.
• Identity Verification: Date of birth, address, and government-issued ID images (encrypted at rest).
• Transaction Data: Deposit and withdrawal amounts, crypto wallet addresses (hashed post-confirmation).
• Session Data: IP address, browser type, and login timestamps for security purposes only.
• Gameplay Data: Bet history, game outcomes, and wagering statistics for fairness verification.

Your data is used exclusively for the following purposes:

• Authenticating your identity and securing your account.
• Processing deposits, withdrawals, and bonus allocations.
• Verifying compliance with our responsible gaming policies.
• Detecting and preventing fraud, money laundering, and unauthorized use.
• Responding to your support requests and inquiries.
• Sending transactional emails (deposit confirmations, security alerts). You may opt out of marketing emails at any time.

We implement industry-leading security measures to protect your data at every layer:

• Encryption at Rest: All sensitive data is encrypted using AES-256-GCM.
• Encryption in Transit: All connections are secured with TLS 1.3. No unencrypted HTTP.
• Password Security: Passwords are hashed using bcrypt with a cost factor of 12. We never store plain-text passwords.
• Database Security: All queries use parameterized statements to prevent SQL injection attacks.
• Access Control: Strict role-based access controls — support agents cannot see passwords or full wallet addresses.

We use minimal, privacy-respecting cookies:

• Session Cookie: A single encrypted session cookie to keep you logged in. Expires on browser close.
• Preference Cookie: Stores your UI preferences (theme, language). Expires after 1 year.

We do not use third-party tracking cookies, advertising pixels, or analytics services that send your data off-site. We self-host all analytics using privacy-first software.

NeonCash complies with international Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. This requires us to:

• Verify the identity of all players before processing withdrawals above threshold amounts.
• Monitor transactions for suspicious patterns and report to relevant financial authorities when required by law.
• Retain transaction records for a minimum of 5 years as required under applicable regulations.
• Cooperate with law enforcement investigations when presented with valid legal process.

You have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data (subject to legal retention requirements).
• Right to Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing of your data for marketing purposes at any time.

To exercise any of these rights, contact our Data Protection Officer at privacy@neoncash.io.

We retain your personal data for as long as your account is active and for 5 years after account closure to comply with legal obligations. If you request account deletion:

• Your account is deactivated immediately and cannot be reactivated.
• Personal data is anonymised within 30 days (transaction records are retained in non-attributable form).
• Backup systems are purged within 90 days of the deletion request.